@arcote.tech/arc-host 0.3.0 → 0.3.2

package/dist/src/arc-host.d.ts

@@ -51,6 +51,7 @@ export declare class ArcHost {
     private handleHttpCommand;
     /**
      * Handle HTTP query request
+     * Uses view.queryContext() to apply protections consistently with liveQuery
      */
     private handleHttpQuery;
     /**
@@ -61,6 +62,11 @@ export declare class ArcHost {
      * Handle HTTP event sync request
      */
     private handleHttpEventSync;
+    /**
+     * Handle HTTP route request
+     * Matches path against registered routes and executes handler
+     */
+    private handleHttpRoute;
     /**
      * Stop the server
      */

package/dist/src/arc-host.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"arc-host.d.ts","sourceRoot":"","sources":["../../src/arc-host.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EACV,aAAa,EAId,MAAM,SAAS,CAAC;AAiBjB;;GAEG;AACH,qBAAa,OAAO;IASN,OAAO,CAAC,MAAM;IAR1B,OAAO,CAAC,MAAM,CAAyB;IACvC,OAAO,CAAC,iBAAiB,CAA2B;IACpD,OAAO,CAAC,cAAc,CAAkB;IACxC,OAAO,CAAC,iBAAiB,CAAuC;IAChE,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,eAAe,CAAK;gBAER,MAAM,EAAE,aAAa;IAQzC;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAS5B;;;OAGG;IACH,OAAO,CAAC,WAAW;IAuCnB;;OAEG;YACW,aAAa;IA4B3B;;OAEG;YACW,gBAAgB;IAgD9B;;OAEG;YACW,iBAAiB;IAkC/B;;OAEG;YACW,oBAAoB;IA0BlC;;OAEG;IACH,OAAO,CAAC,SAAS;IAIjB;;OAEG;IACH,OAAO,CAAC,WAAW;IA2InB;;OAEG;YACW,iBAAiB;IAiC/B;;OAEG;YACW,eAAe;IAiC7B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA+GxB;;OAEG;YACW,mBAAmB;IA4CjC;;OAEG;IACH,IAAI,IAAI,IAAI;CASb"}
+{"version":3,"file":"arc-host.d.ts","sourceRoot":"","sources":["../../src/arc-host.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EACV,aAAa,EAId,MAAM,SAAS,CAAC;AAiBjB;;GAEG;AACH,qBAAa,OAAO;IASN,OAAO,CAAC,MAAM;IAR1B,OAAO,CAAC,MAAM,CAAyB;IACvC,OAAO,CAAC,iBAAiB,CAA2B;IACpD,OAAO,CAAC,cAAc,CAAkB;IACxC,OAAO,CAAC,iBAAiB,CAAuC;IAChE,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,IAAI,CAAS;IACrB,OAAO,CAAC,eAAe,CAAK;gBAER,MAAM,EAAE,aAAa;IAQzC;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAS5B;;;OAGG;IACH,OAAO,CAAC,WAAW;IAuCnB;;OAEG;YACW,aAAa;IA4B3B;;OAEG;YACW,gBAAgB;IAgD9B;;OAEG;YACW,iBAAiB;IAkC/B;;OAEG;YACW,oBAAoB;IA0BlC;;OAEG;IACH,OAAO,CAAC,SAAS;IAIjB;;OAEG;IACH,OAAO,CAAC,WAAW;IA4JnB;;OAEG;YACW,iBAAiB;IAqC/B;;;OAGG;YACW,eAAe;IAoD7B;;OAEG;IACH,OAAO,CAAC,gBAAgB;IA+GxB;;OAEG;YACW,mBAAmB;IA4CjC;;;OAGG;YACW,eAAe;IA6H7B;;OAEG;IACH,IAAI,IAAI,IAAI;CASb"}

package/dist/src/context-handler.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"context-handler.d.ts","sourceRoot":"","sources":["../../src/context-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,WAAW,EAEhB,KAAK,eAAe,EAEpB,iBAAiB,EACjB,KAAK,EAEN,MAAM,kBAAkB,CAAC;AAE1B,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE3D;;GAEG;AACH,qBAAa,cAAc;aAUP,OAAO,EAAE,aAAa;IATxC,OAAO,CAAC,KAAK,CAAuB;IACpC,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,cAAc,CAAsB;IAC5C,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,gBAAgB,CAAkC;IAC1D,OAAO,CAAC,kBAAkB,CAAK;IAC/B,OAAO,CAAC,WAAW,CAAS;gBAGV,OAAO,EAAE,aAAa,EACtC,SAAS,EAAE,OAAO,CAAC,eAAe,CAAC;IAuBrC;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAM3B;;OAEG;IACG,cAAc,CAClB,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,GAAG,EACX,QAAQ,EAAE,MAAM,GAAG,IAAI,GACtB,OAAO,CAAC,GAAG,CAAC;IAiBf;;OAEG;IACG,aAAa,CACjB,MAAM,EAAE,KAAK,CAAC;QACZ,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,GAAG,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC,EACF,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,YAAY,GAAG,IAAI,GACzB,OAAO,CAAC,aAAa,EAAE,CAAC;IA2C3B;;OAEG;IACG,cAAc,CAClB,eAAe,EAAE,MAAM,GAAG,IAAI,EAC9B,KAAK,EAAE,YAAY,GAAG,IAAI,GACzB,OAAO,CAAC,aAAa,EAAE,CAAC;IA8C3B;;OAEG;IACH,QAAQ,IAAI,KAAK,CAAC,aAAa,CAAC;IAIhC;;OAEG;IACH,cAAc,IAAI,iBAAiB;IAInC;;OAEG;IACH,mBAAmB,IAAI,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC;IAI/C;;;OAGG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;CAG5C"}
+{"version":3,"file":"context-handler.d.ts","sourceRoot":"","sources":["../../src/context-handler.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,KAAK,aAAa,EAClB,KAAK,WAAW,EAEhB,KAAK,eAAe,EAEpB,iBAAiB,EACjB,KAAK,EAEN,MAAM,kBAAkB,CAAC;AAE1B,OAAO,KAAK,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAE3D;;GAEG;AACH,qBAAa,cAAc;aAUP,OAAO,EAAE,aAAa;IATxC,OAAO,CAAC,KAAK,CAAuB;IACpC,OAAO,CAAC,WAAW,CAAoB;IACvC,OAAO,CAAC,cAAc,CAAsB;IAC5C,OAAO,CAAC,WAAW,CAAc;IACjC,OAAO,CAAC,gBAAgB,CAAkC;IAC1D,OAAO,CAAC,kBAAkB,CAAK;IAC/B,OAAO,CAAC,WAAW,CAAS;gBAGV,OAAO,EAAE,aAAa,EACtC,SAAS,EAAE,OAAO,CAAC,eAAe,CAAC;IAuBrC;;OAEG;IACG,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;IAM3B;;OAEG;IACG,cAAc,CAClB,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,GAAG,EACX,QAAQ,EAAE,MAAM,GAAG,IAAI,GACtB,OAAO,CAAC,GAAG,CAAC;IA2Bf;;OAEG;IACG,aAAa,CACjB,MAAM,EAAE,KAAK,CAAC;QACZ,OAAO,EAAE,MAAM,CAAC;QAChB,IAAI,EAAE,MAAM,CAAC;QACb,OAAO,EAAE,GAAG,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC,EACF,QAAQ,EAAE,MAAM,EAChB,KAAK,EAAE,YAAY,GAAG,IAAI,GACzB,OAAO,CAAC,aAAa,EAAE,CAAC;IA2C3B;;OAEG;IACG,cAAc,CAClB,eAAe,EAAE,MAAM,GAAG,IAAI,EAC9B,KAAK,EAAE,YAAY,GAAG,IAAI,GACzB,OAAO,CAAC,aAAa,EAAE,CAAC;IA8C3B;;OAEG;IACH,QAAQ,IAAI,KAAK,CAAC,aAAa,CAAC;IAIhC;;OAEG;IACH,cAAc,IAAI,iBAAiB;IAInC;;OAEG;IACH,mBAAmB,IAAI,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC;IAI/C;;;OAGG;IACH,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;CAG5C"}

package/dist/src/index.d.ts

@@ -3,5 +3,4 @@ export { ConnectionManager } from "./connection-manager";
 export { ContextHandler } from "./context-handler";
 export type { ArcHostConfig, ClientToHostMessage, ConnectedClient, HostToClientMessage, SyncableEvent, TokenPayload, } from "./types";
 export { canTokenEmitEvent, canTokenReceiveEvent, filterEventsForToken, } from "./event-auth";
-export { sqliteAdapterFactory } from "../sqliteAdapter";
 //# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AACrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAGnD,YAAY,EACV,aAAa,EACb,mBAAmB,EACnB,eAAe,EACf,mBAAmB,EACnB,aAAa,EACb,YAAY,GACb,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,cAAc,CAAC;AAGtB,OAAO,EAAE,oBAAoB,EAAE,MAAM,kBAAkB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AACrC,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAC;AAGnD,YAAY,EACV,aAAa,EACb,mBAAmB,EACnB,eAAe,EACf,mBAAmB,EACnB,aAAa,EACb,YAAY,GACb,MAAM,SAAS,CAAC;AAGjB,OAAO,EACL,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,GACrB,MAAM,cAAc,CAAC"}

package/index.ts

@@ -1,9 +1,6 @@
 // Re-export everything from src
 export * from "./src";
 
-// Legacy export for backwards compatibility
-export { sqliteAdapterFactory } from "./sqliteAdapter";
-
 // Helper function to start host
 import type { ArcContextAny, DBAdapterFactory } from "@arcote.tech/arc";
 import { ArcHost } from "./src/arc-host";

package/package.json

@@ -4,11 +4,11 @@
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "type": "module",
-  "version": "0.3.0",
+  "version": "0.3.2",
   "private": false,
   "author": "Przemysław Krasiński [arcote.tech]",
   "dependencies": {
-    "@arcote.tech/arc-adapter-db-sqlite": "workspace:*",
+    "@arcote.tech/arc-adapter-db-sqlite": "^0.3.0",
     "jsonwebtoken": "^9.0.2"
   },
   "scripts": {

package/src/arc-host.ts

@@ -1,3 +1,4 @@
+import type { ArcRouteAny } from "@arcote.tech/arc";
 import { liveQuery } from "@arcote.tech/arc";
 import type { Server, ServerWebSocket } from "bun";
 import jwt from "jsonwebtoken";
@@ -335,7 +336,13 @@ export class ArcHost {
 
         // HTTP query endpoint: POST /query/:viewName
         if (url.pathname.startsWith("/query/") && req.method === "POST") {
-          return self.handleHttpQuery(req, url, tokenPayload, corsHeaders);
+          return self.handleHttpQuery(
+            req,
+            url,
+            tokenPayload,
+            corsHeaders,
+            token,
+          );
         }
 
         // SSE stream endpoint: GET /stream/:viewName
@@ -354,6 +361,17 @@ export class ArcHost {
           return self.handleHttpEventSync(req, tokenPayload, corsHeaders);
         }
 
+        // Route endpoints: /route/*
+        if (url.pathname.startsWith("/route/")) {
+          return self.handleHttpRoute(
+            req,
+            url,
+            tokenPayload,
+            corsHeaders,
+            token,
+          );
+        }
+
         return new Response("Not Found", { status: 404, headers: corsHeaders });
       },
 
@@ -427,6 +445,10 @@ export class ArcHost {
         headers: { ...corsHeaders, "Content-Type": "application/json" },
       });
     } catch (error) {
+      console.error(`[ARC HTTP] Command '${commandName}' error:`, error);
+      if (error instanceof Error && error.stack) {
+        console.error(`[ARC HTTP] Stack trace:`, error.stack);
+      }
       return new Response(JSON.stringify({ error: (error as Error).message }), {
         status: 500,
         headers: { ...corsHeaders, "Content-Type": "application/json" },
@@ -436,12 +458,14 @@ export class ArcHost {
 
   /**
    * Handle HTTP query request
+   * Uses view.queryContext() to apply protections consistently with liveQuery
    */
   private async handleHttpQuery(
     req: Request,
     url: URL,
-    token: TokenPayload | null,
+    _token: TokenPayload | null,
     corsHeaders: Record<string, string>,
+    rawToken: string | null,
   ): Promise<Response> {
     const viewName = url.pathname.split("/query/")[1];
     if (!viewName) {
@@ -453,11 +477,29 @@ export class ArcHost {
 
     try {
       const params = await req.json();
-      const dataStorage = this.contextHandler.getDataStorage();
-      const tx = await dataStorage.getReadTransaction();
-      const result = await tx.find(viewName, params);
 
-      // TODO: Apply view protection filtering based on token
+      // Get view element
+      const viewElement = this.contextHandler
+        .getModel()
+        .context.get(viewName) as any;
+
+      if (!viewElement || !viewElement.queryContext) {
+        return new Response(JSON.stringify({ error: "View not found" }), {
+          status: 404,
+          headers: { ...corsHeaders, "Content-Type": "application/json" },
+        });
+      }
+
+      // Set auth token so view.queryContext() can apply protections
+      this.contextHandler.setAuthToken(rawToken);
+
+      // Use view's queryContext which applies protections automatically
+      const model = this.contextHandler.getModel();
+      const adapters = model.getAdapters();
+      const queryCtx = viewElement.queryContext(adapters);
+
+      // Execute query through view's queryContext (protections applied)
+      const result = await queryCtx.find(params);
 
       return new Response(JSON.stringify(result), {
         headers: { ...corsHeaders, "Content-Type": "application/json" },
@@ -631,6 +673,135 @@ export class ArcHost {
     }
   }
 
+  /**
+   * Handle HTTP route request
+   * Matches path against registered routes and executes handler
+   */
+  private async handleHttpRoute(
+    req: Request,
+    url: URL,
+    tokenPayload: TokenPayload | null,
+    corsHeaders: Record<string, string>,
+    rawToken: string | null,
+  ): Promise<Response> {
+    const method = req.method as "GET" | "POST" | "PUT" | "DELETE" | "PATCH";
+
+    // Find matching route in context
+    const context = this.contextHandler.getModel().context;
+    let matchedRoute: ArcRouteAny | null = null;
+    let routeParams: Record<string, string> = {};
+
+    for (const element of context.elements) {
+      // Check if element is a route (has matchesPath method)
+      if (element && typeof (element as any).matchesPath === "function") {
+        const route = element as ArcRouteAny;
+        const match = route.matchesPath(url.pathname);
+        if (match.matches) {
+          matchedRoute = route;
+          routeParams = match.params;
+          break;
+        }
+      }
+    }
+
+    if (!matchedRoute) {
+      return new Response(JSON.stringify({ error: "Route not found" }), {
+        status: 404,
+        headers: { ...corsHeaders, "Content-Type": "application/json" },
+      });
+    }
+
+    // Get handler for this method
+    const handler = matchedRoute.getHandler(method);
+    if (!handler) {
+      return new Response(
+        JSON.stringify({ error: `Method ${method} not allowed` }),
+        {
+          status: 405,
+          headers: { ...corsHeaders, "Content-Type": "application/json" },
+        },
+      );
+    }
+
+    // Check protection
+    if (!matchedRoute.isPublic && matchedRoute.hasProtections) {
+      if (!tokenPayload) {
+        return new Response(JSON.stringify({ error: "Unauthorized" }), {
+          status: 401,
+          headers: { ...corsHeaders, "Content-Type": "application/json" },
+        });
+      }
+
+      // Set auth token for protection check
+      this.contextHandler.setAuthToken(rawToken);
+
+      // Check if token type matches any protection
+      let isAuthorized = false;
+      for (const protection of matchedRoute.protections) {
+        if (protection.token.name === tokenPayload.tokenType) {
+          // Create a mock token instance for the check
+          const mockTokenInstance = {
+            params: tokenPayload.params,
+            getTokenDefinition: () => protection.token,
+          };
+          const allowed = await protection.check(mockTokenInstance as any);
+          if (allowed) {
+            isAuthorized = true;
+            break;
+          }
+        }
+      }
+
+      if (!isAuthorized) {
+        return new Response(JSON.stringify({ error: "Forbidden" }), {
+          status: 403,
+          headers: { ...corsHeaders, "Content-Type": "application/json" },
+        });
+      }
+    } else if (!matchedRoute.isPublic && !matchedRoute.hasProtections) {
+      // Route is not public and has no protections - require any valid token
+      if (!tokenPayload) {
+        return new Response(JSON.stringify({ error: "Unauthorized" }), {
+          status: 401,
+          headers: { ...corsHeaders, "Content-Type": "application/json" },
+        });
+      }
+    }
+
+    // Build route context
+    this.contextHandler.setAuthToken(rawToken);
+    const model = this.contextHandler.getModel();
+    const adapters = model.getAdapters();
+
+    const authParams = tokenPayload
+      ? { params: tokenPayload.params, tokenName: tokenPayload.tokenType }
+      : undefined;
+
+    const routeContext = matchedRoute.buildContext(adapters, authParams);
+
+    try {
+      // Execute handler
+      const response = await handler(routeContext, req, routeParams, url);
+
+      // Add CORS headers to response
+      const newHeaders = new Headers(response.headers);
+      for (const [key, value] of Object.entries(corsHeaders)) {
+        newHeaders.set(key, value);
+      }
+
+      return new Response(response.body, {
+        status: response.status,
+        statusText: response.statusText,
+        headers: newHeaders,
+      });
+    } catch (error) {
+      return new Response(JSON.stringify({ error: (error as Error).message }), {
+        status: 500,
+        headers: { ...corsHeaders, "Content-Type": "application/json" },
+      });
+    }
+  }
+
   /**
    * Stop the server
    */

package/src/context-handler.ts

@@ -78,7 +78,17 @@ export class ContextHandler {
 
     // TODO: Check command protection with token
 
-    return await command(params);
+    try {
+      return await command(params);
+    } catch (error) {
+      console.error(`[ARC] Command '${commandName}' failed:`);
+      console.error(`[ARC] Params:`, JSON.stringify(params, null, 2));
+      console.error(`[ARC] Error:`, error);
+      if (error instanceof Error) {
+        console.error(`[ARC] Stack:`, error.stack);
+      }
+      throw error;
+    }
   }
 
   /**

package/src/index.ts

@@ -19,6 +19,3 @@ export {
   canTokenReceiveEvent,
   filterEventsForToken,
 } from "./event-auth";
-
-// Re-export adapters
-export { sqliteAdapterFactory } from "../sqliteAdapter";

package/dist/sqliteAdapter.d.ts

@@ -1,3 +0,0 @@
-import type { DBAdapterFactory } from "@arcote.tech/arc";
-export declare const sqliteAdapterFactory: (dbName: string) => DBAdapterFactory;
-//# sourceMappingURL=sqliteAdapter.d.ts.map

package/dist/sqliteAdapter.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"sqliteAdapter.d.ts","sourceRoot":"","sources":["../sqliteAdapter.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAIzD,eAAO,MAAM,oBAAoB,GAAI,QAAQ,MAAM,KAAG,gBAErD,CAAC"}

package/sqliteAdapter.ts

@@ -1,7 +0,0 @@
-import type { DBAdapterFactory } from "@arcote.tech/arc";
-// @ts-ignore - external package without types
-import { createBunSQLiteAdapterFactory } from "@arcote.tech/arc-adapter-db-sqlite";
-
-export const sqliteAdapterFactory = (dbName: string): DBAdapterFactory => {
-  return createBunSQLiteAdapterFactory(dbName);
-};